Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/sSL01x5vOzZSpxARJsVQFzGbFpw.roa
File:                     sSL01x5vOzZSpxARJsVQFzGbFpw.roa (raw, json)
Hash identifier:          Q27bdEx6M1EOgDOkhcwnHC85/ZQ29sPZJJUoaD3Sm4k=
Subject key identifier:   B1:22:F4:D7:1E:6F:3B:36:52:A7:10:11:26:C5:50:17:31:9B:16:9C
Certificate issuer:       /CN=77f61fc7c0ab41ce154e7bcb08ef962351a46784
Certificate serial:       018CC2DB624F396D99D4546B1981A7CB862D
Authority key identifier: 77:F6:1F:C7:C0:AB:41:CE:15:4E:7B:CB:08:EF:96:23:51:A4:67:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/sSL01x5vOzZSpxARJsVQFzGbFpw.roa
Signing time:             Mon 01 Jan 2024 02:30:06 +0000
ROA not before:           Mon 01 Jan 2024 02:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34078
IP address blocks:        185.180.128.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:62:4f:39:6d:99:d4:54:6b:19:81:a7:cb:86:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77f61fc7c0ab41ce154e7bcb08ef962351a46784
        Validity
            Not Before: Jan  1 02:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b122f4d71e6f3b3652a7101126c55017319b169c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:7f:d6:f6:ad:9d:d2:4a:d2:ed:8b:e3:ab:13:
                    a1:56:c6:51:be:84:55:79:3b:14:f0:b9:21:37:69:
                    96:8e:99:60:21:65:9d:d7:3d:8b:b3:fc:17:f5:33:
                    18:2e:aa:8b:1f:6f:c0:16:85:a4:17:74:b0:23:25:
                    d2:ca:87:ce:9c:59:c5:eb:04:e1:ba:26:70:e3:db:
                    42:46:ec:b1:a7:c2:e3:f6:f6:ee:94:71:dd:7d:59:
                    f2:c6:fe:22:f4:4b:85:19:57:f7:1a:87:e2:b0:82:
                    b2:cd:3a:e8:4d:0d:93:7c:16:7a:53:c8:69:7d:fe:
                    45:74:1d:23:96:94:db:b7:30:16:bc:72:ba:81:d7:
                    4d:6f:f4:14:49:01:1a:db:e3:b5:ab:9f:43:9a:b6:
                    37:13:a7:40:3d:dd:52:bb:dc:7f:78:8c:f1:1e:80:
                    9c:7c:09:56:e1:ab:35:ab:ae:af:d4:87:80:78:2c:
                    51:e4:77:10:cb:bb:6e:68:aa:84:e1:f3:35:29:f4:
                    bf:b6:f1:26:2c:3a:77:fd:6e:61:db:0d:98:7e:62:
                    bd:e0:b3:fc:23:7d:00:44:7f:57:a4:be:96:97:c5:
                    97:6d:d9:f1:e6:c7:99:fb:f8:01:2c:d5:f2:ca:49:
                    10:4a:76:3f:17:ce:46:59:a4:7c:8d:0e:43:2b:70:
                    2e:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:22:F4:D7:1E:6F:3B:36:52:A7:10:11:26:C5:50:17:31:9B:16:9C
            X509v3 Authority Key Identifier:
                keyid:77:F6:1F:C7:C0:AB:41:CE:15:4E:7B:CB:08:EF:96:23:51:A4:67:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/sSL01x5vOzZSpxARJsVQFzGbFpw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.180.128.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b6:16:2d:cc:8c:27:5d:a0:70:44:33:1d:2f:15:6e:d0:45:c4:
         15:b0:bf:3f:f1:99:fa:f9:a9:17:d9:83:ac:02:e3:c7:0a:7d:
         6a:2c:4e:22:a7:ac:15:3e:8d:27:d3:db:8a:b4:7a:10:8f:e6:
         d8:6d:be:8e:d3:0a:d5:37:02:24:32:41:7c:bb:c1:50:4d:a0:
         d9:61:22:89:a4:bd:10:33:09:90:5e:b4:06:d1:dc:66:f9:23:
         9e:5c:4b:6f:e9:60:3f:d5:75:f9:79:73:cb:84:84:48:24:28:
         59:79:f3:08:ca:50:03:e6:a3:64:b0:7c:ab:55:25:88:73:f9:
         bc:e2:72:a4:23:1d:76:b1:88:87:f5:76:44:e3:5b:78:54:69:
         11:6d:08:27:0f:3f:d7:f3:a6:3d:f4:3c:f3:17:d6:e1:a1:36:
         b4:c6:81:de:20:14:64:e6:50:73:80:fb:51:d7:30:a0:dc:6d:
         04:32:bc:64:6f:87:e5:8b:dd:6e:e2:47:7a:8a:85:d0:55:ef:
         cc:f4:30:73:5d:29:85:b0:d8:40:0d:f7:de:50:c4:2e:e5:7e:
         01:13:bd:cf:40:54:77:66:9f:83:b0:8e:5d:c7:19:99:43:61:
         3f:3b:57:b3:a7:9c:ce:8e:b3:ac:80:df:f6:fa:ff:33:8a:57:
         af:f0:bf:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC22JPOW2Z1FRrGYGny4YtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3ZjYxZmM3YzBhYjQxY2UxNTRlN2JjYjA4ZWY5NjIzNTFh
NDY3ODQwHhcNMjQwMTAxMDIzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTIyZjRkNzFlNmYzYjM2NTJhNzEwMTEyNmM1NTAxNzMxOWIxNjljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv3/W9q2d0krS7YvjqxOhVsZRvoRV
eTsU8LkhN2mWjplgIWWd1z2Ls/wX9TMYLqqLH2/AFoWkF3SwIyXSyofOnFnF6wTh
uiZw49tCRuyxp8Lj9vbulHHdfVnyxv4i9EuFGVf3GofisIKyzTroTQ2TfBZ6U8hp
ff5FdB0jlpTbtzAWvHK6gddNb/QUSQEa2+O1q59DmrY3E6dAPd1Su9x/eIzxHoCc
fAlW4as1q66v1IeAeCxR5HcQy7tuaKqE4fM1KfS/tvEmLDp3/W5h2w2YfmK94LP8
I30ARH9XpL6Wl8WXbdnx5seZ+/gBLNXyykkQSnY/F85GWaR8jQ5DK3AunQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLEi9Ncebzs2UqcQESbFUBcxmxacMB8GA1UdIwQY
MBaAFHf2H8fAq0HOFU57ywjvliNRpGeEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZF9ZZng4Q3JRYzRWVG52TENPLVdJMUdrWjRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC85MjEzZWMtODVhOS00OGQ2LWFhNjkt
ZWRjOWQwMmZhZjU0LzEvc1NMMDF4NXZPelpTcHhBUkpzVlFGekdiRnB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC85MjEzZWMtODVhOS00OGQ2LWFhNjktZWRjOWQwMmZhZjU0
LzEvZF9ZZng4Q3JRYzRWVG52TENPLVdJMUdrWjRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCubSAMA0G
CSqGSIb3DQEBCwUAA4IBAQC2Fi3MjCddoHBEMx0vFW7QRcQVsL8/8Zn6+akX2YOs
AuPHCn1qLE4ip6wVPo0n09uKtHoQj+bYbb6O0wrVNwIkMkF8u8FQTaDZYSKJpL0Q
MwmQXrQG0dxm+SOeXEtv6WA/1XX5eXPLhIRIJChZefMIylAD5qNksHyrVSWIc/m8
4nKkIx12sYiH9XZE41t4VGkRbQgnDz/X86Y99DzzF9bhoTa0xoHeIBRk5lBzgPtR
1zCg3G0EMrxkb4fli91u4kd6ioXQVe/M9DBzXSmFsNhADffeUMQu5X4BE73PQFR3
Zp+DsI5dxxmZQ2E/O1ezp5zOjrOsgN/2+v8zilev8L/+
-----END CERTIFICATE-----